To add... (it was already discussed and is on the TODO list).
(5) wackamole doesn't ARP spoof to enough machines.
wackamole currently only ARP spoofs to its default gateway. There are
two options:
(a) wackamole should ARP spoof to every address in every directly
connected subnet
(b) wackamole instances should distribute and union their ARP caches.
In the event of an IP acquisition, every IP in the shared aggregate ARP
cache should be notified (sent an ARP spoof).
After some discussion with Ben, I am convinces that both are valid
options and useful in different scenarios. They should both be
implemented.
(a) poses more complications as the attached subnets could be BIG. Many
people, including me, use the 10/8 network as an internal network. That
is 16 million IPs to spoof to. That is hefty. Even in lighter
situations, with class B networks, there are 65k packets to be sent.
All at once is a little much. Ben suggested a combination a trickle
approach that could be combined with method (b).
Ideally this should be definable on an interface by interface basis.
Comments are welcome.
--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
(5) wackamole doesn't ARP spoof to enough machines.
wackamole currently only ARP spoofs to its default gateway. There are
two options:
(a) wackamole should ARP spoof to every address in every directly
connected subnet
(b) wackamole instances should distribute and union their ARP caches.
In the event of an IP acquisition, every IP in the shared aggregate ARP
cache should be notified (sent an ARP spoof).
After some discussion with Ben, I am convinces that both are valid
options and useful in different scenarios. They should both be
implemented.
(a) poses more complications as the attached subnets could be BIG. Many
people, including me, use the 10/8 network as an internal network. That
is 16 million IPs to spoof to. That is hefty. Even in lighter
situations, with class B networks, there are 65k packets to be sent.
All at once is a little much. Ben suggested a combination a trickle
approach that could be combined with method (b).
Ideally this should be definable on an interface by interface basis.
Comments are welcome.
--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7